Home/Network IDS rules
IDS / IPS

Network IDS rules

6,117 rules · linked to T1071 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 6,117
et-open domain-c2
ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)
sid 2015560 format suricata
et-open targeted-activity
ET MALWARE CommentCrew Possible APT c2 communications get system
sid 2016476 format suricata
et-open targeted-activity
ET MALWARE CommentCrew Possible APT c2 communications html return 1
sid 2016477 format suricata
et-open targeted-activity
ET MALWARE CommentCrew Possible APT c2 communications sleep
sid 2016478 format suricata
et-open targeted-activity
ET MALWARE CommentCrew Possible APT c2 communications sleep2
sid 2016479 format suricata
et-open targeted-activity
ET MALWARE CommentCrew Possible APT c2 communications sleep3
sid 2016480 format suricata
et-open targeted-activity
ET MALWARE CommentCrew Possible APT c2 communications sleep5
sid 2016482 format suricata
et-open targeted-activity
ET MALWARE CommentCrew Possible APT c2 communications download client.png
sid 2016483 format suricata
et-open targeted-activity
ET MALWARE CommentCrew Possible APT c2 communications get command client key
sid 2016488 format suricata
et-open domain-c2
ET MALWARE Likely Malicious SSL Cert With Script Tags
sid 2018768 format suricata
et-open domain-c2
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected
sid 2021938 format suricata
et-open domain-c2
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
sid 2022101 format suricata
et-open domain-c2
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)
sid 2022102 format suricata
et-open domain-c2
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)
sid 2022209 format suricata
et-open domain-c2
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Bancos/DarkTequila CnC)
sid 2022211 format suricata
et-open domain-c2
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)
sid 2022229 format suricata
et-open domain-c2
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC)
sid 2022234 format suricata
et-open domain-c2
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
sid 2022279 format suricata
et-open domain-c2
ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)
sid 2022627 format suricata
et-open trojan-activity
ET MALWARE OSX/Proton.C/D Domain (eltima .in in TLS SNI)
sid 2024889 format suricata
et-open trojan-activity
ET MALWARE OSX/Proton.C/D Domain (handbrakestore .com in TLS SNI)
sid 2024891 format suricata
et-open trojan-activity
ET MALWARE Observed Evrial Domain (cryptoclipper .ru in TLS SNI)
sid 2025201 format suricata
et-open trojan-activity
ET MALWARE Observed Evrial Domain (projectevrial .ru in TLS SNI)
sid 2025257 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (OSX/Calender 2 Mining)
sid 2025424 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Bancos Variant CnC)
sid 2025433 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (CoreBot C2)
sid 2025485 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Coin-Hive In Browser Mining)
sid 2025536 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Coinhive URL Shortener)
sid 2025582 format suricata
et-open command-and-control
ET MALWARE BackSwap Trojan C2 Domain Observed (debasuin .nl in TLS SNI)
sid 2025597 format suricata
et-open command-and-control
ET MALWARE Win32/Autophyte.F C2 Domain (tpddata .com in TLS SNI)
sid 2025600 format suricata
et-open command-and-control
ET MALWARE Win32/Autophyte.F C2 Domain (www .anlway .com in TLS SNI)
sid 2025602 format suricata
et-open command-and-control
ET MALWARE Win32/Autophyte.F C2 Domain (www .ap8898 .com in TLS SNI)
sid 2025604 format suricata
et-open command-and-control
ET MALWARE Win32/Autophyte.F C2 Domain (www .apshenyihl .com in TLS SNI)
sid 2025606 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MICROPSIA CnC Domain)
sid 2025918 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Panda Banker C2)
sid 2025995 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Panda Banker Injects)
sid 2025996 format suricata
et-open command-and-control
ET MALWARE Panda Banker C2 Domain (uiaoduiiej .chimkent .su in TLS SNI)
sid 2025998 format suricata
et-open trojan-activity
ET MALWARE Panda Banker Injects Domain (urimchi3dt4 .website in TLS SNI)
sid 2026000 format suricata
et-open trojan-activity
ET MALWARE Malicious Mega Chrome Extension Exfil Domain (www .megaopac .host in TLS SNI)
sid 2026073 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Exfil)
sid 2026112 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Exfil Domain)
sid 2026215 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Win32/Gadwats Banker CnC Domain)
sid 2026467 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Win32/Gadwats Banker CnC Domain)
sid 2026468 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 CnC)
sid 2026589 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 1/2 Staging Domain)
sid 2026590 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)
sid 2026591 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
sid 2026593 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
sid 2026596 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
sid 2026597 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
sid 2026599 format suricata
Showing 1-50 of 6,117
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin